Main Vulnerability Database SB2018050716

SB2018050716 - Information disclosure in Cisco Meeting Server

Published: May 7, 2018

Security Bulletin ID SB2018050716

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Configuration error (CVE-ID: CVE-2018-0262)

CWE-ID: CWE-16 - Configuration

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information the target system.

The weakness exists due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface. A remote attacker can gain unauthenticated access to configuration and database files as well as sensitive meeting information.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx